Methods and systems for remotely removing metadata from electronic documents

ABSTRACT

A method and system for removing metadata from email attachments sent from mobile devices includes receiving an email with an attached document. The attached document has metadata removed to create a cleansed version of the attached document. The attached document is replaced by the cleansed version of the attached document, and the email is sent according to the address or addresses included in the email.

BACKGROUND Field of the Invention

The field of the invention relates generally to systems and methods of providing security for data. More particularly, the preferred embodiment relates to electronic cleaning metadata from email attachments, which may be sent from webmail on Exchange or PDA, handheld or mobile devices such as Blackberry, Treo etc.

Related Background

Electronic documents often include metadata relating to changes or prior versions of the document which may not be readily apparent to a person viewing the document in an application. For example, a Word document may include history information which is not displayed to a person viewing the document using Word on a PC (or may not be displayed in all views of a document). This is true for other types of electronic documents, including PDFs, Excel Spreadsheets, etc. Additionally, electronic documents may include additional metadata concerning the document, such as when the document was created, who created the document, etc. While many users may not be concerned with such information, such information may include sensitive or proprietary information that a user, or others, may not wish to share when the electronic document is shared. For example, a user emailing an electronic document may wish not to share some information relating to the history or creation of the document (or the user's employer may wish the user did not share such information outside the company).

The problem of document metadata is made more complicated by the use of smart phones, PDAs, and other mobile devices which may be used to send email, including email with attachments.

Conventional email and document editing and creation systems allow users to share electronic documents, but also allow users to share documents with sensitive metadata. Many desktop based Metadata removal products exist today including Metadata Sweeper by Litera Corp®., Out of Sight by SoftWise™, Protect by Workshare™, Metadata Assistant by Payne Consulting™ and iScrub by Esquire innovations™, etc. None of these products offer Metadata cleaning of Documents attached to emails sent from PDA, BlackBerry™, Palm Treo™ or other handheld devices. Accordingly, a need exists to reduce the chances of unwanted or unauthorized sharing of metadata, particularly in the context of sharing electronic documents with mobile communications devices.

Accordingly, a need exists to provide an improved system of preventing unwanted or unauthorized transmission of electronic documents with metadata.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a generalized block diagram illustrating a document that may be used with the preferred embodiments.

FIG. 2 is a generalized block diagram illustrating the process of removing metadata from an electronic document attached to an email, according to one possible embodiment.

FIG. 3 is a generalized block diagram illustrating the process of removing metadata from an electronic document attached to an email, according to one possible embodiment.

FIG. 4 is a generalized block diagram of a process of removing metadata from email attachments, according to one possible embodiment.

SUMMARY

The present invention provides for a computer based system and method for removing metadata from a document attached to an email. An email sent from a mobile device is received by a gateway, email server, or other program. The email is analyzed to determine whether it has an attached document. In the event the email includes an attached document the attached document is analyzed to determine the nature of metadata in the document. If the attached document includes metadata the metadata may be cleaned, or the email and or the attachment may be analyzed to determine whether the metadata is to be removed. If the metadata is to be removed a cleaned version of the attached document is created with the metadata, or the desired portion of the metadata, removed. The attached document is replaced with the cleansed version of the attached document, and the email is sent according to the address (or addresses) included in the email (or other delivery instructions specified in either the email or at the gateway, email server or other program). A copy of the cleansed document may be retained. A person, for example a user or administrator, may be notified of the attempt to send a document with metadata, or a person may be given the option of allowing over-ride cleansing the metadata and sending the original attached document with the metadata. A log of all attachments that were cleaned of Metadata may be optionally saved for any desired duration.

DETAILED DESCRIPTION

The present invention is described in the context of a specific embodiment. This is done to facilitate the understanding of the features and principles of the present invention and the present invention is not limited to this embodiment. In particular, the present invention is described in the context of a computer system used to compare, edit, view and/or modify electronic documents.

FIG. 1 is a generalized block diagram illustrating a document 100 that may be used with the preferred embodiments. Document 100 includes primary data 101 and metadata 102. Primary data, in the presently preferred embodiment, includes the information content of the document. By way of example, a document including the play Romeo and Juliet by William Shakespeare would have as the primary data the content information, the prose and words of the play. Additionally, in the presently preferred embodiment, the primary data may include formatting data, such as data on page breaks, paragraph separation and format, text size and type, etc. In the present example metadata 102 may include the author or creator of the document, original name of the document, the time and date the document was created and/or modified, version or history information on the document, including changes made by one or multiple users with user identification, editing time, etc.

FIG. 2 is a generalized block diagram illustrating the process of removing metadata 201 from an electronic document 202 attached to an email 203. The email 204 is sent from a mobile electronic device 205. In the presently preferred embodiment, electronic device is an end-user device, such as a smart phone or PDA, or other mobile electronic device capable of sending an email with an attachment. The email 203 may be sent to a gateway 206 which implements the metadata removal process described below, or the email may be sent to an email server 207, or to another program in communication with the email server. In the event the email is sent from the electronic device to the email server, the email server may send the email with the attached document to the gateway, or the email server may perform the metadata removal process. In the event the metadata removal is performed by the gateway 206, the email 203 with the attached document with the metadata removed is sent to the email server 207. Alternatively, the email with the attachment with the metadata removed may be sent from the email server if the email server performs the process of removing the metadata from the attachment. In yet another embodiment, the gateway may receive the email with the attachment from the email server, and perform the process of removing the metadata from the attachment at the gateway, and the email with the attached document with the metadata removed may be sent or forwarded by the gateway.

FIG. 3 is a generalized block diagram illustrating the process 300 of removing metadata from an electronic document attached to an email sent from a mobile electronic device. At step 301 the email is received from the mobile electronic device. In the presently preferred embodiment, the email is received prior to the email being received by an email server, such as Microsoft Exchange Server or similar email servers. Alternate embodiments may receive the email from an email server, or the present process may be performed by an email server or computer program in communication with the email server.

At step 302 the received email is analyzed to determine whether it has an attachment. If at step 302 it is determined that the received email has an attachment, then the process proceeds to step 304. If at step 302 it is determined that the received email does not have an attachment, the process proceeds to step 303. At step 303 the email is sent according to the addressing information contained in the email The email may be sent to an email server for sending, or if the process 300 is being performed by the email server step 303 may be the process of sending email according to the processes and protocols of the email server.

In the presently preferred embodiment, at step 304 the attached electronic document is analyzed first analyzed for document type. As an example MS OFFICE (e.g. Word), PDF, text (.txt), etc. Next, the documents are for metadata. If at step 304 the attached electronic document contains metadata that the user or administrator has selected as “to be removed” (Metadata properties can be pre configured to remove some or all metadata), then at step 305 the metadata is removed from the attached electronic document. The metadata may be removed from the attached electronic document by invoking a metadata removal application, for example: Metadata Sweeper by Litera®, Metadata Assistant by Payne OCnsulting™, iScrub by Esquire™ Innovations™, Protect by Workshare™, Out of Sight by Softwise™, etc. At step 306 a cleansed version of the attached electronic document is created from the output of step 305. In the presently preferred embodiment, the cleansed version of the attached electronic document contains all of the primary data of the electronic document, but without the metadata associated with the attached electronic document. In one alternative embodiment, step 305 removes only a portion of the metadata of the original document, the portion removed which may be configurable or in accordance with a metadata removal policy. In the presently preferred embodiment, the cleansed version of the attached electronic document has all of the same attributes, such as the ability to edit and modify the document.

At step 307 the cleansed version of the attached electronic document, or cleansed electronic document, is used to replace the attached electronic document in the received email. At step 308 the received email, with the cleansed electronic document attached, is sent. In one preferred embodiment, the email is sent to an email server, which would then handle the email according to the addressing information and instructions, in alternate embodiments the email server may have already performed the necessary sending operation and the process 300 is an after-sending check to prevent unauthorized or unwanted transmission of metadata. In another alterative embodiment, the process 300 may be performed by the email server, and step 308 may include the process of sending the email performed by the email server.

At step 309 cleansed version of the attached electronic document may be saved, either on a server, in attached or networked storage, or on the end-user's electronic device.

Alternate embodiments of the present invention may alert the end user that the attached electronic document has been cleansed prior to transmitting a cleansed version. Additionally, alerts may be sent to an admin, or a log of an attempted sending of an un-cleansed document may be stored and/or reported.

While process 300 describes the intercept of all emails with attachments, alternate embodiments could determine whether to intercept an email according to one or more policies or algorithms. For example, policies may be used to determine whether to cleanse an email according to sender, recipient, type of attachment, aspects of primary data, aspects of metadata, etc.

FIG. 4 is a generalized block diagram of a process 400 of removing metadata from email attachments. At step 401 the email is received from a mobile electronic device. In the presently preferred embodiment, the email is received prior to the email being received by an email server, such as Microsoft Exchange Server or similar email servers. Alternate embodiments may receive the email from an email server, or the present process may be performed by an email server.

At step 402 the received email is analyzed to determine whether it has an attachment. If at step 402 it is determined that the received email has an attachment, then the process proceeds to step 404. If at step 402 it is determined that the received email does not have an attachment, the process proceeds to step 403. At step 403 the email is sent according to the addressing information contained in the email. The email may be sent to an email server, or if the process 400 is being performed by the email server step 403 may include sending email according to the processes and protocols of the email server.

At step 404 the attached document is analyzed to determine whether to remove metadata from the attached document. A cleansing policy is compared to the information obtained from analyzing the attached document to determine whether the attached document is to be cleansed prior to sending the document. The cleaning policy may specify certain types of metadata such as document properties, specific aspects of metadata, for example specific authors, titles, etc., or any other type of metadata that may be included in a document.

If at step 404 the determination is made that the attached document is not to be cleansed, i.e., the attached document will not have metadata removed, then the process proceeds to step 409 where the email with the attached document is sent.

If at step 404 the determination is made to cleanse the attached document, the process proceeds to step 405 where the attached electronic document is analyzed for metadata. If at step 405 the attached electronic document contains metadata, then at step 406 the pre specified (ether as a default preference, a configured preference, etc.) metadata is removed from the attached electronic document. The metadata may be removed from the attached electronic document by invoking a metadata removal application, such as the examples listed above or other such programs. At step 407 a cleansed version of the attached electronic document is created from the output of step 406, in the presently preferred embodiment, the cleansed version of the attached electronic document contains all of the primary data of the electronic document, but without the metadata associated with the attached electronic document. In the presently preferred embodiment, the cleansed version of the attached electronic document has all of the same attributes, such as the ability to edit and modify the document.

At step 408 the cleansed version of the attached electronic document, or cleansed electronic document, is used to replace the attached electronic document in the received email. At step 409 the received email, with the cleansed electronic document attached, is sent. In one preferred embodiment, the email is sent to an email server, which would then handle the email according to the addressing information and instructions. In alternate embodiments the email server may have already performed the necessary sending operation and the process 400 is an after sending check to prevent unauthorized or unwanted transmission of metadata. In another alterative embodiment, the process 400 may be performed by the email server, and step 409 may include the process of sending the email performed by the email server.

At step 410 cleansed version of the attached electronic document may be saved, either on a server, in attached or networked storage, or on the end-user's electronic device.

Alternate embodiments of the present invention may alert the end user that the attached electronic document has been cleansed prior to transmitting a cleansed version. Additionally, alerts may be sent to an admin, or a log of an attempted sending of an un-cleansed document may be stored and/or reported. Still other embodiments may include seeking confirmation from a person (the sender, an administrator, or another) before cleaning and replacing the attached document, or before sending a cleansed version of the attached document.

While process 300 and 400 were described in the context of a single attachment of an email, multiple attachments, either of the same document type or of multiple document types, may be analyzed and cleansed prior to sending an email.

The invention has been described with reference to particular embodiments. However, it will be readily apparent to those skilled in the art that it is possible to embody the invention in specific forms other than those of the preferred embodiments described above. This may be done without departing from the spirit of the invention.

Thus, the preferred embodiment is merely illustrative and should not be considered restrictive in any way. The scope of the invention is given by the appended claims, rather than the preceding description, and all variations and equivalents which fall within the range of the claims are intended to be embraced therein. 

1-50. (canceled)
 51. A computer-based system for remotely cleaning metadata from electronic documents, comprising: an intermediate computer that is remote from an electronic device, the intermediate computer including a memory storing instructions, wherein the instructions include a metadata cleansing policy; and a processor programmed to: receive a first email with an attached first electronic document from the electronic device, receive a second email with an attached second electronic document from the electronic device, execute the metadata cleansing policy to remove at least a portion of metadata from the first electronic document, execute the metadata cleansing policy to remove no metadata from the second electronic document, transmit, to a delivery address, the first email with the first electronic document having at least a portion of metadata removed, and transmit the second email with the second electronic document to the delivery address or a different delivery address.
 52. The computer-based system of claim 51, wherein the processor is further programmed to execute the metadata cleansing policy to generate an alert requesting confirmation from a user of the electronic device that at least a portion of metadata should be removed from the first electronic document.
 53. The computer-based system of claim 51, wherein the processor is further programmed to execute the metadata cleansing policy to generate an alert requesting confirmation from a user of the electronic device that no metadata should be removed from the second electronic document.
 54. The computer-based system of claim 51, wherein the processor is further programmed to execute the metadata cleansing policy to remove all metadata from the first electronic document.
 55. The computer-based system of claim 51, wherein the metadata cleansing policy specifies removing at least a portion of metadata from the first electronic document based on a designated recipient of the first email.
 56. The computer-based system of claim 51, wherein the metadata cleansing policy specifies removing no metadata from the second electronic document based on a designated recipient of the second email.
 57. The computer-based system of claim 51, wherein the metadata cleansing policy specifies removing at least a portion of metadata from the first electronic document based on the sender of the first email.
 58. The computer-based system of claim 51, wherein the metadata cleansing policy specifies removing at least a portion of metadata from the first electronic document based on a file type of the first electronic document.
 59. The computer-based system of claim 51, wherein the metadata cleansing policy specifies removing at least a portion of metadata from the first electronic document based on an author metadata of the first electronic document.
 60. A non-transitory computer-readable storage medium storing instructions for remotely cleaning metadata from an electronic document, the instructions including a metadata cleansing policy, wherein the instructions cause one or more computer processors to perform operations comprising: receiving, at an intermediate computer that is remote from an electronic device, a first email with an attached first electronic document from the electronic device, receiving, at the intermediate computer, a second email with an attached second electronic document from the electronic device, executing the metadata cleansing policy to remove at least a portion of metadata from the first electronic document, executing the metadata cleansing policy to remove no metadata from the second electronic document, transmitting, to a delivery address, the first email with the first electronic document having at least a portion of metadata removed, and transmitting the second email with the second electronic document to the delivery address or a different delivery address.
 61. The storage medium of claim 60, wherein the instructions cause the one or more processors to further perform the operation of executing the metadata cleansing policy to generate an alert requesting confirmation from a user of the electronic device that at least a portion of metadata should be removed from the first electronic document.
 62. The storage medium of claim 60, wherein the instructions cause the one or more processors to further perform the operation of executing the metadata cleansing policy to generate an alert requesting confirmation from a user of the electronic device that no metadata should be removed from the second electronic document.
 63. The storage medium of claim 60, wherein the instructions cause the one or more processors to further perform the operation of executing the metadata cleansing policy to remove all metadata from the first electronic document.
 64. The storage medium of claim 60, wherein the metadata cleansing policy specifies removing at least a portion of metadata from the first electronic document based on a designated recipient of the first email.
 65. The storage medium of claim 60, wherein the metadata cleansing policy specifies removing no metadata from the second electronic document based on a designated recipient of the second email.
 66. The storage medium of claim 60, wherein the metadata cleansing policy specifies removing at least a portion of metadata from the first electronic document based on the sender of the first email.
 67. The storage medium of claim 60, wherein the metadata cleansing policy specifies removing at least a portion of metadata from the first electronic document based on a file type of the first electronic document.
 68. The storage medium of claim 60, wherein the metadata cleansing policy specifies removing at least a portion of metadata from the first electronic document based on an author metadata of the first electronic document.
 69. A computer-based method for cleaning metadata from electronic documents according to a metadata cleansing policy, the method comprising: receiving, at an intermediate computer that is remote from an electronic device, a first email with an attached first electronic document from the electronic device, receiving, at the intermediate computer, a second email with an attached second electronic document from the electronic device, executing the metadata cleansing policy to remove at least a portion of metadata from the first electronic document, executing the metadata cleansing policy to remove no metadata from the second electronic document, transmitting, to a delivery address, the first email with the first electronic document having at least a portion of metadata removed, and transmitting the second email with the second electronic document to the delivery address or a different delivery address.
 70. The computer-based method of claim 69, wherein the metadata cleansing policy specifies removing a least a portion of metadata from the first electronic document based on one or more of the following: a designated recipient of the first email, a sender of the first email, a file type of the first electronic document, or an author metadata of the first electronic document. 